CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
CISA has added CVE-2026-45247, a critical remote code execution flaw in the Mirasvit Cache Warmer Magento extension, to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. This move comes after reports confirmed that the flaw, identified as CVE-2026-45247, is being actively exploited in the wild.
The vulnerability carries a CVSS score of 9.8, which places it in the critical severity range. At its core, the flaw stems from the deserialization of untrusted data, a common weakness that can allow attackers to execute arbitrary code on vulnerable systems. The affected extension, Mirasvit Cache Warmer, is a popular choice for Magento e-commerce platforms seeking to enhance performance through full-page caching.
Active exploitation in the wild means that threat actors are already leveraging this vulnerability to compromise Magento websites. The exact nature of these attacks is not fully detailed, but the potential for remote code execution suggests attackers could gain control over affected servers, leading to data theft, website defacement, or the deployment of further malicious software such as ransomware or cryptominers.
Organizations using the Mirasvit Cache Warmer extension are strongly advised to take immediate action. The flaw's inclusion in CISA's KEV catalog serves as a critical alert and mandates that federal agencies apply available patches. The recommendation nonetheless extends to all organizations, regardless of sector: prioritize patching to mitigate the risk of compromise.
While the specific details of the exploitation methods are still emerging, deserialization vulnerabilities are typically exploited by crafting malicious input that, when processed by the application, leads to the execution of attacker-controlled code. This could be achieved through specially crafted requests sent to the Magento instance.
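
For defenders reviewing web server logs while patching, the following added example (not code from CISA, Mirasvit, or this article) flags requests whose query-string parameters carry a serialized PHP object, including URL-encoded and base64-encoded forms. It assumes the crafted input uses PHP's native serialize() notation, which the reporting above does not confirm; the /example/endpoint path and all log lines are constructed sample data.

```python
import base64
import re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# PHP serialize() object markers: O:<len>:"<Class>":<n>: and C:<len>:"<Class>":<n>:
PHP_OBJECT = re.compile(r'(?:^|[;{])[OC]:\d+:"[A-Za-z_\\][\w\\]*":\d+:')
REQUEST = re.compile(r'"(?:GET|POST|PUT|DELETE) (\S+) HTTP/[\d.]+"')


def decoded_forms(value):
    """Yield the value as parsed, URL-decoded once more, and base64-decoded."""
    yield value
    yield unquote(value)
    try:
        padded = value + "=" * (-len(value) % 4)
        yield base64.b64decode(padded, validate=True).decode("utf-8", "replace")
    except ValueError:
        pass  # not valid base64; nothing further to inspect


def flagged_params(log_line):
    """Return query parameter names whose value contains a serialized PHP object."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    pairs = parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True)
    return [name for name, value in pairs
            if any(PHP_OBJECT.search(form) for form in decoded_forms(value))]


def scan(lines):
    """Return (line_number, parameter_names) for every suspicious request."""
    hits = ((n, flagged_params(line)) for n, line in enumerate(lines, 1))
    return [(n, params) for n, params in hits if params]


# Constructed sample data: a harmless object and a hypothetical request path.
_OBJ = 'O:8:"stdClass":0:{}'
_B64 = base64.b64encode(_OBJ.encode()).decode()
_LINE = '203.0.113.%d - - [01/Jan/2026:10:00:0%d +0000] "GET %s HTTP/1.1" 200 512'
SAMPLE_LOG = [
    _LINE % (5, 0, "/catalog/product/view?id=42&color=red"),
    _LINE % (9, 1, "/example/endpoint?data=" + quote(_OBJ, safe="")),
    _LINE % (9, 2, "/example/endpoint?page=1&state=" + quote(_B64, safe="")),
    _LINE % (9, 3, "/example/endpoint?data=" + quote(quote(_OBJ, safe=""), safe="")),
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Access logs normally record only the request line, so input sent in a POST body or a cookie needs WAF or application-level logging to be seen. A hit is a lead for triage rather than proof of compromise.
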
The addition to the KEV catalog signifies that CISA has verified evidence of exploitation, making it a high-priority item for defenders. The catalog is a crucial resource for organizations looking to understand and prioritize the most immediate cyber threats facing their networks.
This incident underscores the ongoing threat posed by vulnerabilities in popular e-commerce platforms and their extensions. The interconnected nature of online retail means that a single exploited flaw can have widespread implications for businesses and their customers, highlighting the importance of diligent security practices, including timely patching and vulnerability management.